Privacy risk analysis in the IoT domain

Most IoT systems are using or exchanging user related information between system components. This means that privacy is a key factor in these systems. Privacy, both in terms of not allowing unauthorized access to information, but also in terms of handling sensitive information correctly and responsibly. As IoT systems typically are comprised of many software and hardware distributed components, ensuring privacy is a challenging task. This paper proposes a risk rating methodology for identifying and rating privacy risks, and demonstrates how to apply this methodology in an IoT use case set in the context of the EU H2020 BIG IoT project. It is also demonstrated how to handle the results of the risk rating methodology.